Credentials for usage in scanning are stored in Security Center, not on the Nessus scanners. They are encrypted on disk in SC, and passed to the relevant scanner along with the scan policy and target IPs during a scan job. After a scan job is complete, credentials are not retained on the scanner. In most target host authentication methods, credentials are never exposed on the host being scanned (little risk to scanning a compromised host). Once entered into SC by a user, they cannot be retrieved (except usernames), only edited and used in scans.
Security Center 5 also supports integration with CyberArk for additional credential management options. That said, you are correct in that scanning credentials are an inviting target. That said, so is all the vulnerability data that SC contains. Implement certificate smart card based GUI authentication.
Use certificate based authentication to sensors where available. All scanning credentials should be long and complex or be key based. All scanning credentials should be unique to scanning (don't share with other services) and usage monitored. Encrypt backups and store them securely. Maintain physical access controls.
One additional note: in AD environments, when scanning with AD accounts, you should (a) use unique scanning accounts and (b) set the 'Account is sensitive and cannot be delegated' attribute.
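An added example, not part of the original answer: a PowerShell audit of AD scanning accounts for the 'Account is sensitive and cannot be delegated' attribute, with last-logon and password-age columns to support usage monitoring. It assumes the RSAT ActiveDirectory module is installed and that scanning accounts share the hypothetical name prefix `svc-scan-`.

```powershell
# Added example: audit dedicated scanning accounts in Active Directory.
# Assumption: scanning accounts follow a hypothetical 'svc-scan-' naming prefix.
Import-Module ActiveDirectory

$prefix = 'svc-scan-'   # hypothetical naming convention, adjust to your own

# AccountNotDelegated reflects the 'Account is sensitive and cannot be
# delegated' checkbox (the NOT_DELEGATED bit of userAccountControl).
$accounts = Get-ADUser -Filter "SamAccountName -like '$prefix*'" `
    -Properties AccountNotDelegated, LastLogonDate, PasswordLastSet

$report = foreach ($a in $accounts) {
    [pscustomobject]@{
        Account         = $a.SamAccountName
        Enabled         = $a.Enabled
        NotDelegated    = $a.AccountNotDelegated
        # LastLogonDate is derived from lastLogonTimestamp, which replicates
        # with a delay of several days; treat it as a coarse usage signal.
        LastLogonDate   = $a.LastLogonDate
        PasswordLastSet = $a.PasswordLastSet
    }
}

# Accounts missing the flag sort to the top of the report.
$report | Sort-Object NotDelegated | Format-Table -AutoSize

# Preview setting the flag where it is missing; remove -WhatIf to apply.
$accounts |
    Where-Object { -not $_.AccountNotDelegated } |
    Set-ADUser -AccountNotDelegated $true -WhatIf
```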
The following types of credentials are managed in the Credentials section of the scan or policy: For more information, including detailed information about each credential type, see the "Credentials" page of the Nessus User Guide.
Credentials Security
Credentials in a Nessus scan or policy are stored in the policies.
Credentials Order
Credentialed scans can perform any operation that a local user can perform.
Multiple Scan Targets
When a scan is configured with multiple targets, the scan of each target uses the order of the Active Credentials list until a set of credentials succeeds.